Secure network location awareness
First Claim
1. A client system comprising:
- one or more processors configured to generate a first nonce used as a first freshness indicator;
- an output device circuitry configured to send a network request to an access node of a communications network, the access node being certified by a common root certification authority, the request containing the first nonce;
- a memory configured to store network settings based on information received from at least one other access node different from the access node, the other access node having been certified and bound into one logical network location with the access node by the common root certification authority of the access nodes;
- an input device circuitry configured to receive a signed message from the access node of the communications network, the signed message comprising a signature, a location identifier, a public key, and at least a second nonce used as a second freshness indicator; and
- the one or more processors being further configured to:
  - parse the signed message to obtain the second nonce, the signature, and the public key;
  - compare the first nonce with the second nonce;
  - validate the second nonce based on the comparison of the first nonce and the second nonce;
  - verify the signature of the signed message using the public key; and
  - allow the client computing device to access the stored network settings for use within the network, in response to a successful validation of the second nonce and a successful verification of the signature.
Abstract
Secure network location awareness is provided whereby a client is able to use appropriate settings when communicating with an access node of a communications network. In an embodiment a client receives a signed message from the access node, the signed message comprising at least a certificate chain having a public key. In some embodiments the certificate chain may be only a self-signed certificate and in other embodiments the certificate chain is two or more certificates in length. The client validates the certificate chain and verifies the signature of the signed message. If this is successful the client accesses stored settings for use with the access node. The stored settings are accessed at least using information about the public key. In another embodiment the signed message also comprises a location identifier which is, for example, a domain name system (DNS) suffix of the access node.
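The exchange that the abstract and claim 1 describe, as an added example in Go; it is not code from the patent or from any product implementing it. The patent does not fix a signature algorithm, a certificate format or a message encoding, so the example assumes Ed25519 for both the root and the access-node signatures, models the certificate chain as a single root-signed binding of the node's public key to its location identifier (the DNS suffix in the abstract), and uses constructed values (`corp.example`, the `NetworkSettings` fields) throughout. Two access nodes certified by the same root for the same location form one logical location, so settings learned from the first are reused for the second; a replayed reply fails the nonce check and a node certified by a different root fails the chain check.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// NetworkSettings stands in for the per-location configuration the client
// stores (proxy, firewall profile, ...). Field names are constructed here.
type NetworkSettings struct {
	Proxy    string
	Firewall string
}

// Certificate is a one-link stand-in for the certificate chain: the root CA
// signs the node's public key together with its location identifier, which
// is what binds several access nodes into one logical network location.
type Certificate struct {
	NodePub  ed25519.PublicKey
	Location string // e.g. the DNS suffix of the access node
	RootSig  []byte
}

// certBytes is the byte string the root signs (assumed encoding).
func certBytes(pub ed25519.PublicKey, location string) []byte {
	return append([]byte("cert:"+location+":"), pub...)
}

// SignedMessage is the access node's reply: certificate (location identifier
// and public key), the echoed nonce, and a signature over all of it.
type SignedMessage struct {
	Cert      Certificate
	Nonce     []byte
	Signature []byte
}

// transcript is what the node signs. Including the client's nonce is what
// stops a captured reply from being replayed against a later request.
func transcript(cert Certificate, nonce []byte) []byte {
	return append(certBytes(cert.NodePub, cert.Location), nonce...)
}

// AccessNode holds its signing key and its root-issued certificate.
type AccessNode struct {
	priv ed25519.PrivateKey
	Cert Certificate
}

// NewAccessNode issues a certificate under rootPriv binding the node to location.
func NewAccessNode(rootPriv ed25519.PrivateKey, location string) *AccessNode {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	cert := Certificate{NodePub: pub, Location: location}
	cert.RootSig = ed25519.Sign(rootPriv, certBytes(pub, location))
	return &AccessNode{priv: priv, Cert: cert}
}

// Respond answers a network request that carried the client's nonce.
func (n *AccessNode) Respond(nonce []byte) SignedMessage {
	m := SignedMessage{Cert: n.Cert, Nonce: append([]byte(nil), nonce...)}
	m.Signature = ed25519.Sign(n.priv, transcript(m.Cert, m.Nonce))
	return m
}

// Client trusts one root CA and keeps settings per logical location.
type Client struct {
	root     ed25519.PublicKey
	pending  []byte // nonce of the request currently in flight
	settings map[string]NetworkSettings
}

func NewClient(root ed25519.PublicKey) *Client {
	return &Client{root: root, settings: map[string]NetworkSettings{}}
}

// Request generates the first nonce (freshness indicator) and returns it as
// the request payload.
func (c *Client) Request() []byte {
	c.pending = make([]byte, 16)
	if _, err := rand.Read(c.pending); err != nil {
		panic(err)
	}
	return c.pending
}

// Verify runs the checks of claim 1: the echoed nonce must equal the one sent,
// the certificate must chain to the trusted root, and the node's signature
// must verify under the certified public key. On success it returns the
// location identifier the node is bound to.
func (c *Client) Verify(m SignedMessage) (string, error) {
	if c.pending == nil || !bytes.Equal(c.pending, m.Nonce) {
		return "", errors.New("nonce mismatch: stale or replayed reply")
	}
	c.pending = nil // each nonce is accepted at most once
	if !ed25519.Verify(c.root, certBytes(m.Cert.NodePub, m.Cert.Location), m.Cert.RootSig) {
		return "", errors.New("access node not certified by the trusted root")
	}
	if !ed25519.Verify(m.Cert.NodePub, transcript(m.Cert, m.Nonce), m.Signature) {
		return "", errors.New("bad signature on access node reply")
	}
	return m.Cert.Location, nil
}

// Learn stores settings for a location after a verified exchange.
func (c *Client) Learn(location string, s NetworkSettings) { c.settings[location] = s }

// Settings returns the stored settings for a verified location.
func (c *Client) Settings(location string) (NetworkSettings, bool) {
	s, ok := c.settings[location]
	return s, ok
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	nodeA := NewAccessNode(rootPriv, "corp.example")
	nodeB := NewAccessNode(rootPriv, "corp.example")
	c := NewClient(rootPub)
	loc, err := c.Verify(nodeA.Respond(c.Request()))
	if err != nil {
		panic(err)
	}
	c.Learn(loc, NetworkSettings{Proxy: "proxy.corp.example:8080", Firewall: "domain"})
	// Node B was certified by the same root for the same location, so the
	// settings learned from node A apply without being transferred again.
	loc, err = c.Verify(nodeB.Respond(c.Request()))
	if err != nil {
		panic(err)
	}
	s, _ := c.Settings(loc)
	fmt.Printf("location %s -> proxy %s, firewall profile %s\n", loc, s.Proxy, s.Firewall)
}
```

The nonce is compared before any signature work so that a replayed or unsolicited reply is rejected cheaply, and it is cleared on first use so that the same reply cannot be accepted twice even if it carried a valid signature.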
20 Claims
10. A method of granting access for a client computing device, the method comprising:
- generating, by one or more hardware processors, a first nonce used as a first freshness indicator;
- sending, by an output device circuitry, a network request to an access node of a communications network, the access node being certified by a common root certification authority, the request containing the first nonce;
- storing network settings based on information received from at least one other access node different from the access node, the other access node having been certified and bound into one logical network location with the access node by the common root certification authority of the access nodes;
- receiving, by an input device circuitry, a signed message from the access node of the communications network, the signed message comprising a signature, a location identifier, a public key, and at least a second nonce used as a second freshness indicator;
- parsing the signed message to obtain the second nonce, the signature, and the public key;
- comparing the first nonce with the second nonce;
- validating the second nonce based on the comparison of the first nonce and the second nonce;
- verifying the signature of the signed message using the public key; and
- allowing the client computing device to access the stored network settings for use within the network, in response to a successful validation of the second nonce and a successful verification of the signature.

Dependent claims: 11, 12.

13. One or more computer-readable memory storing computer-readable instructions that, when executed on a processor of a client computing device, configure the processor to perform a series of acts comprising:
- generating a first nonce used as a first freshness indicator;
- sending, by an output device circuitry, a network request to an access node of a communications network, the access node being certified by a common root certification authority, the request containing the first nonce;
- storing network settings based on information received from at least one other access node different from the access node, the other access node having been certified and bound into one logical network location with the access node by the common root certification authority of the access nodes;
- receiving, by an input device circuitry, a signed message from the access node of the communications network, the signed message comprising a signature, a location identifier, a public key, and at least a second nonce used as a second freshness indicator;
- parsing the signed message to obtain the second nonce, the signature, and the public key;
- comparing the first nonce with the second nonce;
- validating the second nonce based on the comparison of the first nonce and the second nonce;
- verifying the signature of the signed message using the public key; and
- allowing the client computing device to access the stored network settings for use within the network, in response to a successful validation of the second nonce and a successful verification of the signature.

Dependent claims: 14, 15, 16, 17, 18, 19, 20.

Specification